Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1113
Views
10
Helpful
5
Replies

Silent Monitoring over Cisco any connect

mightyking
Level 6
Level 6

‎01-20-2021 12:50 PM

Hello Everyone,

Our agents and supervisors are working from home and connecting over VPN. We have 2 VPNs connected to 2 different Date Centers for load balancing purpose. We have the following scenarios:

1) Agents are connection over VPN1

2) Supervisors are connection over VPN1

3) Agents are connection over VPN2

2) Supervisors are connection over VPN2

 

Supervisors connected over VPN1 are able to silent monitor the agents connected over VPN2. Also Supervisors connected over VPN2 are able to monitor agents connected over VPN1 but they can not monitor the agents connected over the same VPN as the supervisors are. Basically:

 

- Agent and supervisor connected over the same VPN  NOT WORKING

- Agent and supervisor connected over separate VPN WORKING

 

When I say NOT WORKING, I mean the supervisor can't hear the audio but there's no error message. Everything works as expected except the supervisor has no audio.

Attached you can find a capture of traffic btw supervisor and agent IP Communicators

 

10.15.18.195 superviseur
10.15.6.101 agent

UCCX 11.6 using FINESSE

 

Do you guys have any idea why the supervisor can't hear the agent while connected over the same VPN?

 

Thanks,

 

MK

Labels:
SUP_AGE.zip
0 Helpful
5 Replies 5

Sean Lynch
Level 7
Level 7

‎01-20-2021 01:21 PM

Work with your security team that set up the VPN tunnels.  Make sure your network routing policy from both client sides is not blocking TCP/IP connections from and to which you are trying to send/receive voice traffic.  Next, make sure you are not blocking the voice RTP port ranges to the same.  Sometimes a network diagram with IP endpoints helps expose this.

Typically what I have seen in this scenario, the default route, back to the source (in this case supervisor to an agent) network is not allowed by default.

Hope this helps.

-Sean

Sean Lynch
Level 7
Level 7
In response to Sean Lynch

‎01-20-2021 03:28 PM

...additional note:  search for "hairpin(ing) on same vpn subnet"

 

Regards,

Sean

0 Helpful

mightyking
Level 6
Level 6
In response to Sean Lynch

‎01-23-2021 06:55 AM

Thank you Sean,

we found a route-map which caused the routing of UDP packets not to go from one VPN to another.

 

Regards,

 

MK

bill.king1
VIP
VIP
In response to mightyking

‎01-23-2021 02:02 PM

Thank you for sharing what the solution was.

0 Helpful

Sean Lynch
Level 7
Level 7
In response to mightyking

‎01-25-2021 08:15 AM

That's great!  Glad you were able to get it working.

 

-Sean

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents